CORS for /hasura/auth endpoint

[denisyilmaz]

Hi, I have an angular application that uses /hasura/auth for authentication. locally it works amazingly well.

I pushed my frontend and the craftcms now to two different servers.

frontend >> example.com craftcms >> domain2.com

when trying to access /hasura/authvia example.com I now get following error:

Access to fetch at 'domain2.com/hasura/auth' from origin 'example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

both servers have SSL certificates and all other requests to craftcms are working like charm. Is there somebody who might know the issue for this?

[jasonmccallister]

@denisyilmaz I somehow completely missed this notification/issue, my apologies.

You have to enable CORS on the web server, if you are using Apache you can modify this in the .htaccess. Here is a helpful link: https://enable-cors.org/server_apache.html. There is also documentation if you are using Nginx here: https://enable-cors.org/server_nginx.html

That documentation tells you to enable CORS for every domain, but a better idea is to limit it to only known domains like so:

Access-Control-Allow-Origin: https://example.com

Hopefully that resolves your issue!

[jasonmccallister]

I'm going to close this out, but if you need anything else please don't hesitate!